Not an attack on Tor per se, but it defeated the use of Tor nonetheless.

Can you spot the suspect’s error?

From the complaint:

…F. Law Enforcement Identifies “Brian Kil’s” True IP Address

51. On June 9, 2017, the Honorable Debra McVicker Lynch authorized the execution of a Network Investigative Technique “NIT” (defined in Clause No. 1:17-mj-437) in order to ascertain the IP address associated with Brian Kil and Victim 2.

52. As set forth in the search warrant application presented to Judge Lynch, the FBI was authorized by the Court to add a small piece of code (NIT) to a normal video file produced by Victim 2, which did not contain any visual depictions of any minor engaged in sexually explicit activity. As authorized, the FBI then uploaded the video file containing the NIT to the Dropbox.com account known only to Kil and Victim 2. When Kil viewed the video containing the NIT on a computer, the NIT would disclose the true IP address associated with the computer used by Kil.

…

57. When Kil viewed the video containing the NIT on a computer the NIT disclosed the true IP address associated with the computer used by Kil.
…

Where did “Kil’s” opsec fail?

“Kil” viewed content of unknown origin on a networked computer.

“Kil” thought the content originated with Victim 2, but all remote content on the Internet should be treated as being of unknown origin.

No one knows if you are a dog on the Internet just as you don’t know if the FBI sent the video you are playing.

Content of unknown origin is examined and stays on non-networked computers. Copy text only to networked systems. If you need the original content, well, you have been warned.

Inspired by our members, IRE is pleased to announce the first release of raw, unprocessed data from the NICAR Database Library.

The contents of the FBI’s Uniform Crime Report (UCR) master file for 2015 are now available for free download on our website. The package contains the original fixed-width files, data dictionaries for the tables as well as the FBI’s UCR user guide. We are planning subsequent releases of other raw data that is not readily available online.

…

The yearly data from the FBI details arrest and offense numbers for police agencies across the United States. If you download this unprocessed data, expect to do some work to get it in a useable format. The data is fixed-width, across multiple tables, contains many records on a single row that need to be unpacked and in some cases decoded, before being cleaned and imported for use in programs like Excel or your favorite database manager. Not up to the task? We do all of this work in the version of the data that we will soon have for sale in the Database Library.
…

I have peeked at the data and documentation files and “raw” is the correct term.

Think of it as great exercise for when an already cleaned and formatted data set isn’t available.

Each weekday, dozens of U.S. government aircraft take to the skies and slowly circle over American cities. Piloted by agents of the FBI and the Department of Homeland Security (DHS), the planes are fitted with high-resolution video cameras, often working with “augmented reality” software that can superimpose onto the video images everything from street and business names to the owners of individual homes. At least a few planes have carried devices that can track the cell phones of people below. Most of the aircraft are small, flying a mile or so above ground, and many use exhaust mufflers to mute their engines — making them hard to detect by the people they’re spying on.

The government’s airborne surveillance has received little public scrutiny — until now. BuzzFeed News has assembled an unprecedented picture of the operation’s scale and sweep by analyzing aircraft location data collected by the flight-tracking website Flightradar24 from mid-August to the end of December last year, identifying about 200 federal aircraft. Day after day, dozens of these planes circled above cities across the nation.

The FBI and the DHS would not discuss the reasons for individual flights but told BuzzFeed News that their planes are not conducting mass surveillance.

The DHS said that its aircraft were involved with securing the nation’s borders, as well as targeting drug smuggling and human trafficking, and may also be used to support investigations by the FBI and other law enforcement agencies. The FBI said that its planes are only used to target suspects in specific investigations of serious crimes, pointing to a statement issued in June 2015, after reporters and lawmakers started asking questions about FBI surveillance flights.

“It should come as no surprise that the FBI uses planes to follow terrorists, spies, and serious criminals,” said FBI Deputy Director Mark Giuliano, in that statement. “We have an obligation to follow those people who want to hurt our country and its citizens, and we will continue to do so.”
…

…
Officials have been combing through the emails since Sunday night — using a program designed to find only the emails to and from Abedin within the time when Clinton was secretary of state. Agents will compare the latest batch of messages with those that have already been investigated to determine whether any classified information was sent from Clinton’s server.

This process will take some time, but officials tell NBC News that they hope that they will wrap up the winnowing process this week.
…

Since Sunday night?

Here’s how the FBI, using standard Unix tools, could have finished the “winnowing” in time for the Monday evening news cycle:

1. Transform (if not already) all the emails into .eml format (to give you separate files for each email).

2. Grep the resulting file set for emails that contain the Clinton email server by name or address.

3. Save the result of #2 to a file and copy all those messages to a separate directory.

4. Extract the digital signature from each of the copied messages (see below), save to the Abedin file digital signature + file name where found.

Let’s take this piece by piece to see what it means. Each “tag” is associated with a value.

b = the actual digital signature of the contents (headers and body) of the mail message

bh = the body hash

d = the signing domain

s = the selector

v = the version

a = the signing algorithm

c = the canonicalization algorithm(s) for header and body

q = the default query method

l = the length of the canonicalized part of the body that has been signed

t = the signature timestamp

x = the expire time

h = the list of signed header fields, repeated for fields that occur multiple times

We can see from this email that:

The digital signature is dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb av+yuU4zGeeruD00lszZVoG4ZHRNiYzR. This signature is matched with the one stored at the sender’s domain.

The body hash is not listed.

The signing domain is example.com. This is the domain that sent (and signed) the message.

The selector is jun2005.eng.

The version is not listed.

The signing algorithm is rsa-sha1. This is the algorithm used to generate the signature.

The canonicalization algorithm(s) for header and body are relaxed/simple.

The default query method is DNS. This is the method used to look up the key on the signing domain.

The length of the canonicalized part of the body that has been signed is not listed. The signing domain can generate a key based on the entire body or only some portion of it. That portion would be listed here.

The signature timestamp is 1117574938. This is when it was signed.

The expire time is 1118006938. Because an already signed email can be reused to “fake” the signature, signatures are set to expire.

The list of signed header fields includes from:to:subject:date. This is the list of fields that have been “signed” to verify that they have not been modified.
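The winnowing steps and the tag breakdown above, combined into one added example (not code from the original post, which speaks of Unix tools; Python's standard library is used here because it handles folded headers). The server name, file names and messages are constructed; the DKIM tag values are the ones listed above; the comparison against an earlier review is an assumed follow-up step.

```python
import email
import re

# Hypothetical server name standing in for "the server by name or address".
SERVER = "mail.server.example"

# Constructed DKIM-Signature value, folded across lines as it would be in a
# stored message. The tag values are the ones listed in the breakdown above.
DKIM_VALUE = (
    "a=rsa-sha1; q=dns;\r\n"
    "\td=example.com;\r\n"
    "\ts=jun2005.eng; c=relaxed/simple;\r\n"
    "\tt=1117574938; x=1118006938;\r\n"
    "\th=from:to:subject:date;\r\n"
    "\tb=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSb\r\n"
    "\tav+yuU4zGeeruD00lszZVoG4ZHRNiYzR"
)


def make_eml(to, subject, dkim=None):
    """Build a constructed message as bytes (stands in for one .eml file)."""
    lines = []
    if dkim:
        lines.append("DKIM-Signature: " + dkim)
    lines += [
        "From: sender@example.com",
        "To: " + to,
        "Subject: " + subject,
        "Date: Wed, 1 Jun 2005 00:00:00 +0000",
        "",
        "constructed body",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


# Constructed file set: one message stored twice, one unrelated, one unsigned.
SAMPLE = {
    "inbox/0001.eml": make_eml("user@" + SERVER, "first", DKIM_VALUE),
    "sent/0417.eml": make_eml("user@" + SERVER, "first", DKIM_VALUE),
    "inbox/0002.eml": make_eml("other@example.org", "unrelated",
                               DKIM_VALUE.replace("dzdV", "AAAA")),
    "inbox/0003.eml": make_eml("user@" + SERVER, "unsigned"),
}


def parse_dkim(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in str(value).split(";"):
        name, sep, val = part.partition("=")  # base64 may contain later '='
        name = name.strip()
        if not sep or not name:
            continue
        if name in ("b", "bh", "h"):
            # Folding whitespace inside these values is not significant.
            val = re.sub(r"\s+", "", val)
        else:
            val = val.strip()
        tags[name] = val
    return tags


def winnow(messages, server):
    """Steps 2 and 3: keep messages that mention the server (like grep -il)."""
    needle = server.lower().encode("ascii")
    return {n: raw for n, raw in messages.items() if needle in raw.lower()}


def index_by_signature(messages):
    """Step 4: map each b= signature to the files where it was found.

    Extracting b= only identifies copies of the same signed message; it does
    not verify the signature, which needs the public key from DNS.
    """
    index, unsigned = {}, []
    for name, raw in sorted(messages.items()):
        msg = email.message_from_bytes(raw)
        sigs = [parse_dkim(v).get("b") for v in msg.get_all("DKIM-Signature") or []]
        sigs = [s for s in sigs if s]
        if not sigs:
            unsigned.append(name)  # no signature: needs another comparison key
            continue
        for sig in sigs:
            index.setdefault(sig, []).append(name)
    return index, unsigned


def new_signatures(index, already_reviewed):
    """Assumed follow-up: drop signatures already seen in an earlier review."""
    return {s: n for s, n in index.items() if s not in already_reviewed}


if __name__ == "__main__":
    hits = winnow(SAMPLE, SERVER)
    index, unsigned = index_by_signature(hits)
    for sig, names in index.items():
        print(sig[:16] + "...", names)
    print("no DKIM-Signature, review by hand:", unsigned)
```

Messages without a DKIM-Signature header land in the unsigned list and need a different comparison key.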

The Manufacturing Process

Constructing the body and attaching the fins

1 The steel or aluminum body is die cast in halves. Die casting involves pouring molten metal into a steel die of the desired shape and letting the metal harden. As it cools, the metal assumes the same shape as the die. At this time, an optional chromium coating can be applied to the interior surfaces of the halves that correspond to a completed missile’s cavity. The halves are then welded together, and nozzles are added at the tail end of the body after it has been welded.

2 Moveable fins are now added at predetermined points along the missile body. The fins can be attached to mechanical joints that are then welded to the outside of the body, or they can be inserted into recesses purposely milled into the body.

Casting the propellant

3 The propellant must be carefully applied to the missile cavity in order to ensure a uniform coating, as any irregularities will result in an unreliable burning rate, which in turn detracts from the performance of the missile. The best means of achieving a uniform coating is to apply the propellant by using centrifugal force. This application, called casting, is done in an industrial centrifuge that is well-shielded and situated in an isolated location as a precaution against fire or explosion.

Assembling the guidance system

4 The principal laser components—the photo detecting sensor and optical filters—are assembled in a series of operations that are separate from the rest of the missile’s construction. Circuits that support the laser system are then soldered onto pre-printed boards; extra attention is given to optical materials at this time to protect them from excessive heat, as this can alter the wavelength of light that the missile will be able to detect. The assembled laser subsystem is now set aside pending final assembly. The circuit boards for the electronics suite are also assembled independently from the rest of the missile. If called for by the design, microchips are added to the boards at this time.

5 The guidance system (laser components plus the electronics suite) can now be integrated by linking the requisite circuit boards and inserting the entire assembly into the missile body through an access panel. The missile’s control surfaces are then linked with the guidance system by a series of relay wires, also entered into the missile body via access panels. The photo detecting sensor and its housing, however, are added at this point only for beam riding missiles, in which case the housing is carefully bolted to the exterior diameter of the missile near its rear, facing backward to interpret the laser signals from the parent aircraft.

Final assembly

6 Insertion of the warhead constitutes the final assembly phase of guided missile construction. Great care must be exercised during this process, as mistakes can lead to catastrophic accidents. Simple fastening techniques such as bolting or riveting serve to attach the warhead without risking safety hazards. For guidance systems that home-in on reflected laser light, the photo detecting sensor (in its housing) is bolted into place at the tip of the warhead. On completion of this final phase of assembly, the manufacturer has successfully constructed one of the most complicated, sophisticated, and potentially dangerous pieces of hardware in use today.

Quality Control

Each important component is subjected to rigorous quality control tests prior to assembly. First, the propellant must pass a test in which examiners ignite a sample of the propellant under conditions simulating the flight of a missile. The next test is a wind tunnel exercise involving a model of the missile body. This test evaluates the air flow around the missile during its flight. Additionally, a few missiles set aside for test purposes are fired to test flight characteristics. Further work involves putting the electronics suite through a series of tests to determine the speed and accuracy with which commands get passed along to the missile’s control surfaces. Then the laser components are tested for reliability, and a test beam is fired to allow examiners to record the photo detecting sensor’s ability to “read” the proper wavelength. Finally, a set number of completed guided missiles are test fired from aircraft or helicopters on ranges studded with practice targets.

Did Samata Ullah have the expertise and/or access to the expertise or manufacturing capability for any of those steps?

Moreover, could Samata Ullah have tested and developed a guided missile without someone noticing?

Possession of first principle reading materials, such as chemistry, rocket, missile, etc., manuals or guides is a clear sign an alleged jihadist is an armchair jihadist.

Another sign of an armchair jihadist, along with the possession of such reading materials, is their failure to obtain explosives, weapons, etc., in an effective way.

The United States, via the CIA and the US military, routinely distributes explosives and weapons around the world to various factions.

A serious jihadist need only travel to well known locations and get in line for explosives, RPGs (rocket-propelled grenades), mortars, etc.

Does the weapon in this photo look homemade?

Of course not! Anyone with a passport and a little imagination can possess a wide variety of harmful devices.

But then, they are not an armchair jihadist.

DIY missile/explosive reading clubs of jihadists are not threats to the public. Manufacturing explosives and missiles is difficult and dangerous, a task best left to professionals. They are more dangerous to each other than the general public.

When allocating law enforcement resources, remember that the only thing easier to acquire than weapons is possibly marijuana. Anyone planning on building weapons can be ignored as an armchair jihadist.

PS: I started to edit the steps for building a guided missile for length but the description highlights the absurdity of the charges in question. Melting steel or aluminum and pouring it into a metal die? Please, that’s not a backyard activity. Neither is pouring molten rocket fuel using a centrifuge.

Apple has introduced a “severe” flaw in its newly-released iOS 10 operating system that leaves backup data vulnerable to password-cracking tools, according to researchers at a smartphone forensics company that specializes in unlocking iPhones.

In a blog post published Friday by Elcomsoft, a Russian company that makes software to help law enforcement agencies access data from mobile devices, researcher Oleg Afonin showed that changes in the way local backup files are protected in iOS 10 has left backups dramatically more susceptible to password-cracking attempts than those produced by previous versions of Apple’s operating system.

Specifically, the company found that iOS 10 backups saved locally to a computer via iTunes allow password-cracking tools to try different password combinations at a rate of 6,000,000 attempts per second, more than 40 times faster than with backups created by iOS 9. Elcomsoft says this is due to Apple implementing a weaker password verification method than the one protecting backup data in previous versions. That means that cops and tech-savvy criminals could much more quickly and easily gain access to data from locally-stored iOS 10 backups than those produced by older versions.
…

After the NSA sat on a Cisco vulnerability for a decade or so, you have to wonder about the motives of Elcomsoft for quick disclosure.

Perhaps they wanted to take away an easy win from their potential competitors?

In any event, be aware that your iOS 10 has a vulnerability the size of a Mack truck.

Got any Russian readers, that’s roughly the equivalent to:

While looking for this image, I saw a number of impressive Russian trucks!

As Graham points out, the FBI has been denied the fruits of its operation of a child porn site (alleged identities of consumers of child porn), but there is a deeper issue here beyond defining malware.

The deeper issue lies in a portion of the FBI brief that Graham quotes in part:

…
“Malicious” in criminal proceedings and in the legal world has very direct implications, and a reasonable person or society would not interpret the actions taken by a law enforcement officer pursuant to a court order to be malicious.
…

…
CARDINAL RICHELIEU. … Document three, the most important of all: A pardon — in case you get caught. It’s called a Carte Blanche. It has the force of law and is unbreakable, even by Royal fiat.

MILADY. (Reading it.) “It is by my order and for the benefit of the State that the bearer of this note has done what he has done.”
…

The FBI contends a court order, assuming it bothers to obtain one, operates as Carte Blanche and imposes no limits on FBI conduct.

Moreover, once a court order is obtained, reports by the FBI of guilt are sufficient for conviction. How the FBI obtained alleged evidence isn’t open to inspection.

Judges should disabuse the FBI of its delusions concerning the nature of court orders and remind it of its proper role in the criminal justice system. The courts, so far as I am aware, remain the arbiters of guilt and innocence, not the FBI.

…
If an NSL contains a nondisclosure notice, it must advise the recipient of its right to seek, or to have the agency seek, judicial review. At the recipient’s request, the issuing agency must petition the court for review, stating the specific facts that support its belief that disclosure might result in one or more of the statutorily identified adverse consequences. 140 If the court agrees that such a risk may exist, it must issue a nondisclosure order. 141 (page 21) Failure to honor a nondisclosure order is punishable as contempt of court, 142…

Contempt of court sanctions come into play if, and only if, the recipient has sought judicial review and becomes subject to a court order.

Non-Court Order Penalties

…and if committed knowingly and with the intent to obstruct an investigation or related judicial proceedings is punishable by imprisonment for not more than five years and/or a fine of not more than $250,000 (not more than $500,000 for an organization). 143

…
(e) Whoever, having been notified of the applicable disclosure prohibitions or confidentiality requirements of section 2709(c)(1) of this title, section 626(d)(1) or 627(c)(1) of the Fair Credit Reporting Act (15 U.S.C. 1681u(d)(1) or 1681v(c)(1)), section 1114(a)(3)(A) or 1114(a)(5)(D)(i) of the Right to Financial Privacy Act [1] (12 U.S.C. 3414(a)(3)(A) or 3414(a)(5)(D)(i)), or section 802(b)(1) of the National Security Act of 1947 (50 U.S.C. 436(b)(1)),[2] knowingly and with the intent to obstruct an investigation or judicial proceeding violates such prohibitions or requirements applicable by law to such person shall be imprisoned for not more than five years, fined under this title, or both.
…

As I read 18 U.S.C. 1510(e), it requires:

Notice of the applicable disclosure prohibitions or confidentiality requirements

Disclosure

knowingly (excludes accidental disclosure ?)

with the intent to obstruct an investigation or judicial proceeding

The first step in any government prosecution for leaking an NSL requires proof of the applicable disclosure prohibitions, in other words, that some identified individual was notified of the applicable disclosure prohibitions.

The list of people who could have leaked an NSL of necessity includes all the people in the government with knowledge of the NSL, which I suspect won’t be disclosed to the trier of fact, plus the recipient and their counsel, etc.

Government documents, even FBI documents get leaked on a regular basis.

The lack of NSL leaks appears to be more a matter of timidity than serious jeopardy. The very worst response to terrorist-fiction-driven legislation is to take it seriously.

The more NSAs are treated as anything other than Col. “Bat” Guano responses to a world only he can see, the deeper we become mired in unconstitutional habits and practices.

The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of National Security Letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form.

Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists’ information.
…

…
For Brown, of the Reporters Committee, the disclosure of the rules “only confirms that we need information about the actual frequency and context of NSL practice relating to newsgathering and journalists’ records to assess the effectiveness of the new guidelines.”

That’s the root of the problem isn’t it?

Lack of information on how NSLs are being used against journalists in fact.

Care to comment on the odds of getting an accurate accounting of the FBI’s war on journalists from the FBI?

No? I thought not.

So how can that data be gathered?

Question for discussion (NOT legal advice)

In 2005, the non-disclosure requirements for NSLs were modified to read:

(A)In general.—A wire or electronic communication service provider that receives a request under subsection (b), or officer, employee, or agent thereof, may disclose information otherwise subject to any applicable nondisclosure requirement to—

(i) those persons to whom disclosure is necessary in order to comply with the request;

(ii) an attorney in order to obtain legal advice or assistance regarding the request; or

(iii) other persons as permitted by the Director of the Federal Bureau of Investigation or the designee of the Director.
…

Each person in the chain of disclosure has to be advised of the requirement to keep the NSL secret.

Unless the law has changed more radically than I imagine, the burden of proving a criminal offense still rests with the government.

If I am served with an NSL and I employ one or more attorneys, who have assistants working on my case, and the NSL is leaked to a public site, it remains the government’s burden to prove who leaked the NSL.

The government cannot force the innocent in the chain of disclosure to exculpate themselves and leave only the guilty party to face justice. The innocent can remain mute, as is the privilege of every criminal defendant.

Is that a fair statement?

If so, how many brave defendants are necessary in the chain of disclosure per NSL?

Unfortunately, given the secrecy surrounding the FBI terrorist watch list, it isn’t possible to know which activities or to what degree are necessary to ensure your inclusion on the list.

The same is true for the no fly list, except there you will be prevented from flying, which is a definite “tell” that you are on the no fly list.

Thomas outlines the dangers of the FBI terrorist watch list, but not how we can go about defeating those dangers.

One obvious solution is to get everyone on the FBI terrorist watch list. If we are all equally suspects, the FBI will spend all its time trying to separate merely “suspects,” from “really suspects,” from “really terrorist suspects.”

To that end, think about the following:

Report sightings of FBI agents with unknown persons.

Report sightings of FBI agents with known persons.

Report people entering federal buildings.

Report people exiting federal buildings.

Report people entering/exiting state/local government offices.

Report movements of gasoline, butane, etc., trucks.

Report people entering/exiting airports.

Report people entering/leaving bars.

Report people buying gasoline or butane.

Report people buying toys.

Report people entering/exiting gun shops/shows.

etc.

The FBI increases its ignorance every day by collecting more data than it can usefully process.

Help yourself and your fellow citizens to hide in a sea of data and ignorance.

Report your sightings to the FBI today!

PS: If that sounds ineffectual, remember that the FBI was warned about Omar Mateen, twice. When, not if, a future terrorist attack happens and your accidental report of the terrorist surfaces, how will that make the FBI look?

The FBI has created a data collection madhouse for itself. Help them enjoy it.


According to the GAO Report, FBI’s Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to FBI’s Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, it also has access to the State Department’s Visa and Passport databases, the Defense Department’s biometric database, and the drivers license databases of at least 16 states. Totaling 411.9 million images, this is an unprecedented number of photographs, most of which are of Americans and foreigners who have committed no crimes.
…

I understand and share the concern over the FBI’s database of 411.9 million images from identification sources, but let’s be realistic about the FBI’s share of all the image data.

Dr. Christopher Soghoian’s affidavit in UNITED STATES OF AMERICA v. EDWARD JOSEPH MATISH, III, Criminal No. 4:16cr16, Document 83-1, is a highly readable account of why the lack of encryption for the Playpen Network Investigative Technique (NIT) is fatal to the FBI’s case.

In a nutshell, the lack of encryption means that the FBI cannot prove that data from a point of origin was not changed before it reached the FBI’s computer. Anywhere along the network transmission, some third party could have changed or even inserted new content.

In legal speak, it’s called “…the chain of custody.”

Say for example a defendant is charged with illegal possession of a firearm. At trial, the state must produce the firearm alleged to be in his possession at the time of his arrest. Moreover, as part of that proof, the state must prove “custody” of that gun at every step of the way.

The arresting officer testifies to the arrest and identifies the gun retrieved from the defendant. They then testify they put that gun into a bag with a label, noting the serial number and then signing the bag after sealing it. Next a crime room technician will testify they received bag # with the officer’s signature and logged it into their evidence log. And so on, up until the officer opens the bag in court and says: “This is the gun I took off of the defendant.”

Break that chain of custody and the evidence isn’t admissible.

The chain of custody doesn’t exist in the Playpen cases because the lack of encryption means the data in question could have been changed at any number of points along the way and the FBI cannot prove otherwise.

Think of it as an affirmative burden of proof. No proof of chain of custody and the evidence is not admissible.

Even a first year FBI trainee should know that rule.

Which makes the FBI’s desire to get D- quality work approved all the more puzzling.

Why not follow the rules and do good work? What’s so daunting about that?

Suggestions?

PS: Should the FBI need advice on following the rules on cyber-evidence matters, don’t contact the Justice Department. They have an unsavory reputation for lying to judges and just as likely would lie to the FBI. Check around for ex-U.S. attorneys with cyberlaw experience.

…
The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”
…

I should not complain about the FBI, NSA and other government agencies committing intelligence suicide by data.

Their rapidly growing ineffectiveness shields innocents from their paranoid fantasies.

At the same time, that ineffectiveness inhibits the performance of legitimate purposes. (The FBI, once upon a time, had a legitimate purpose, some of the others, well, that’s an issue for debate.)

So we are clear, I don’t consider contracts for “butts in seats” for either contractors or agencies to be for “legitimate purposes.” I reserve the phrase “legitimate purposes” for activities that further the stated goals of the agency, not padding staffing rolls, not occupying as much office space as possible, not having the most forms or whatever other criteria functions as the measure of success in a particular agency.

What data sources, in order of historical importance, are available in case X?

Assemble the data from the top performing resources

For example, if an informant has direct contact with an alleged Islamic State supporter, isn’t that the best source of evidence for their plans and thinking? Do you really need their websearch history from an internet services provider? Considering that you will ask for everyone’s web search history to avoid disclosing the particular web history you are seeking.

To be sure, vendors will sell you as much data processing and storage capacity as you care to purchase, but you won’t be any closer to stopping terrorism. Just closer to the end of your budget for the current fiscal year.

…Shafer reported that Patterson Dental had left patient data on an unsecured FTP server, and then he called attention to another vulnerability in one post in February, and then again in a second post in March. And now, according to an FBI agent, Patterson Dental was allegedly claiming that in accessing their unsecured anonymous FTP server, Shafer had accessed it “without authorization” and should be charged criminally under CFAA.
…

Take these recent events with Shafer as an incentive to read up on the Andrew “weev” Auernheimer proceedings (reversed on venue grounds on appeal).

On the other hand, being free to land body blows (legal ones of course) on corrupt and inept government agencies, their agents and masters, serves the cause of intellectual freedom as well.

Dissent Doe captures where I think Shafer went wrong:

…
Shafer discovered the exposed patient data at the beginning of February and contacted DataBreaches.net to request help with the notification and responsible disclosure. Both DataBreaches.net and Shafer began attempting to notify Patterson and clients whose unencrypted patient information had been exposed for an unknown period of time. Over the next few days, we emailed or called Patterson; Timberlea Dental Clinic in Alberta, Canada; Dr. M Stemalschuk in Canada; Massachusetts General Hospital Dental Group; and Dr. Rob McCanon.

Only after Shafer determined that the patient data had been secured did he and DataBreaches.net disclose the incident publicly. As reported on DataBreaches.net, Shafer found that 22,000 patients had had their unencrypted sensitive health information at risk of access by others. It is not clear how long the publicly accessible FTP server was available, and Patterson Dental did not answer the questions DataBreaches.net asked of it on the matter. Shafer told the Daily Dot, however, that the FTP server had been unsecured for years. In an email statement, he wrote (typos corrected):

“Many IT guys in the dental industry know that the Patterson FTP site has been unsecured for many years. I actually remember them having a passworded FTP site back in 2006. To get the password you would call tech support at Eaglesoft\Patterson Dental and they would just give you the password to the FTP site if you wanted to download anything. It never changed. At some point they made the FTP site anonymous. I think around 2010.”

…

Shafer was waving a red flag to mark his location with “hit me” hand painted on the flag.

The result, so far, you know.

Even if the case goes no further, some other PR hungry Assistant United States Attorney (AUSA) could snatch someone else up for equally specious reasons.

There are seven types of criminal activity enumerated in the CFAA: obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. Attempts to commit these crimes are also criminally punishable.

Take the present facts. Clearly insane to claim that access to public data is ever unauthorized.

Multiple Choice Question:

Who is in jail as a result of: an insane view of the law + complaining witness + AUSA = warrant for your arrest.

A. The AUSA?

B. The complaining witness?

C. You?

If, by accessing a server (doesn’t matter whether public, private, arguable), you discover medical records, then, without revealing your identity, notify plaintiffs’ attorneys in the legal jurisdictions where patients live or where the potential defendants are located.

If that seems to lack the “bang” of public shaming, consider that setting plaintiffs’ lawyers on them makes terriers hunting rats look quite tame. (not for the faint of heart)

You accomplish your goal of darkening the day for some N number of wrong-doers, increasing (perhaps) the protection offered patients, at a greatly diminished risk. A diminished risk that enables you to continue to do good deeds.

There are no, repeat no, legal systems that give a shit if you and all of your friends on social media think it is “unfair.” I may well agree with you too, but once entangled in any legal system, even if you “win,” you have lost. Time, money, stress, etc.

Non-identification, however you accomplish that, is one step towards avoiding such entanglements.

Think of non-identification as the red team side of topic maps. The blue team tries to identify subjects while the red team attempts to avoid identification. A number of practical and theoretical issues ensue.

A US federal judge on Wednesday excluded all evidence in a child pornography case that was acquired by the FBI through an exploit compromising the Tor network. The federal government hasn’t announced what it’ll do next, but if it can’t prevail in an appeal, its case against Vancouver, Washington teacher Jay Michaud may well be doomed.
…

Defendant prevails on the grounds of the FBI refusing to disclose its exploit.

Criminal law 101. The state can’t produce “evidence,” gathered by some unknown means and use it to “prove” the guilt of a defendant.

Every defendant gets to contest the evidence produced against them. In this case, the FBI has chosen to deny a defendant that right.

Last month, a United States district court judge threw out evidence in a child abuse imagery case that the Federal Bureau of Investigation (FBI) had obtained using a hacking tool. While the court ruled to suppress the evidence, it did not prohibit the FBI from using the hacking tool—called a “network investigative technique” (NIT)—to install malware code on suspects’ computers. Rather, the court’s ruling stated that the magistrate judge wrongly granted the FBI’s NIT warrant because the case was not within her jurisdiction, thus violating Federal Rule of Evidence 41(b). Still, this ruling marks a possible stumbling block to an FBI probe and the resulting charges against approximately 137 individuals in the United States.
…

BTW, Scott’s post is an excellent example of how to write a useful blog post on legal issues. Quoting, summarizing, characterizing is all well and good, but many of us are interested in sources and nothing but the sources.

Paul J Cleary, a Magistrate Judge, is the second judge to suggest that evidence obtained in the FBI mass hack, using malware planted by the federal agency on the infiltrated child porn site PlayPen, be thrown out.
In the mass hack case, the FBI uploaded the malware in February 2015 as part of Operation Pacifier.

On the 25th of last month, the same judge recommended for suppression of evidence (obtained in the FBI mass hack) in a similar case.

Another Rule 41 based decision, which would be decided differently under proposed changes to Rule 41 rules on search warrants.

Summary:

Although the Rule 41 violation is clear and clean cut, I much prefer the suppression of evidence for the FBI’s failure to disclose its alleged hack of the TOR network. There are many ways to gather the information the FBI claims to possess, and proof of how they came to possess it is a critical link in the chain of evidence.

I have read differing numbers on the defendants charged out of Playpen, but accepting 137 as the high, there are as many as 134 defendants remaining.

Suggestions on how to document the remaining cases? I have searched both the FBI and Justice Department for any mention of the Playpen operation. Number of “hits”: 0.

If you didn’t know better, you would say “the FBI and Justice Department are ashamed of Operation Playpen.” Do you think?

Federal prosecutors have charged 84 men and women around the country in connection with the Islamic State. So far, 32 have been convicted. Men outnumber women in those cases by about 7 to 1. The average age of the individuals is 27. One is a minor. The FBI says that, in a handful of cases, it has disrupted plots targeting U.S. military or law enforcement personnel.

The post breaks down proceedings by state and lists each person separately, along with the source of the information.

If you are looking for a small but significant data set on terrorism, I think this is the place.

If you develop further information on these cases, repay the original authors by sharing your discoveries.


The card was left while no one was at home. At best the business card is a weak indicator of a visitor’s identity. It was later confirmed Mark W. Burnett had visited, in various conversations between counsel and the FBI. See the original post for the harassment story.

What can we find out about Special Agent Mark W. Burnett? Reasoning if the FBI is watching us, we damned sure better be watching them.

The easiest thing to find is that Mark W. Burnett isn’t a “special agent in charge,” as per the FBI webpage for the Los Angeles office. A “special agent in charge” is a higher “rank” than a “special agent.”

Turning to Google, here’s a screenshot of my results:

The first two “hits” are the same Special Agent Mark W. Burnett (the second one requires a password) but the first one says in relevant part:

3rd Annual West Coast Cyber Security Summit
Special Report on Cyber Technology and Its Impact on the Banking Community
The California Club
538 South Flower Street, Los Angeles, CA 90071
Tuesday, May 13, 2014

If you don’t know the California Club, as the song says “…you aren’t supposed to be here.”

So we know that Mark W. Burnett was working for the FBI in May of 2014.

The third “hit” is someone who says they know a Mark W. Burnett but it doesn’t go any further than that.

The last two “hits” are interesting because they both point to the Congressional Record on February 1, 2010, wherein the Senate confirms the promotion of a “Mark. W. Burnett” to the rank of colonel in the United States Army.

I searched U.S. District Court decisions at Justia but could not find any cases where Mark W. Burnett appeared.

The handwritten “desk phone” detracts from the professionalism of the business card. It also indicates that Mark hasn’t been in the Los Angeles office long enough to get better cards.

What do you know about Special Agent Mark W. Burnett?

PS: There are hundreds of FBI agents from Los Angeles on LinkedIn but Mark W. Burnett isn’t one of them. At least not by that name.

“Warrant canary” is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received, such as a national security letter. Canarywatch tracks and documents these statements. This site lists warrant canaries we know about, tracks changes or disappearances of canaries, and allows submissions of canaries not listed on the site.

All of the “warrant canaries” I saw listed were from service providers and other organizations.

I recently saw a “warrant canary” posted by an individual (more on that this week).

The thought did occur to me that if enough individuals had “warrant canaries” on fairly short (monthly?) renewal cycles, it would be possible to track the service of warrants through particular communities.

My recent post, How-To Document Conspiracies and Other Crimes, raised concerns with some readers since I did not address the legal niceties of the indictment. Burden of proof, claims not facts, etc. All of which were irrelevant to my point of using “secure IRC” to document a conspiracy or other crimes.

True or false, the indictment serves to illustrate the impact of self-documenting the commission of crimes, if indeed any crimes were committed.

What prompted this post was the suggestion that I was ignoring the “rule of law” in cases such as the one involving Lauri Love.

Perhaps the hacker community is unaware that the “rule of law” is a fiction which the sovereign sets aside at its convenience.

That has always been the case but the disturbing development during the Fear of Terror era, is that abandonment of the “rule of law” has become overt policy.

Iran-Contra is an example of abandoning the “rule of law” but at least those involved were talked about as criminals.

…
Dr. Matt Edman also testified at the hearing. Id. at 84-101. In the Fall of 2012 he was employed by the Mitre Corporation as a senior cyber security engineer assigned to the FBI’s Remote Operations Unit. Id. at 84. He testified he has a bachelor of science degree in computer science from Baylor University and a Master’s Degree and Ph. D. in computer science from Rensselaer Polytechnic Institute. Id. at 85. He essentially corroborated Smith’s testimony. Id. at 85-89. He stated he adapted and configured the application found on Decloak.net to collect the limited set of information from a user’s computer (a unique identifier, the user’s operating system type, version, and architecture) and then send that information to the FBI-controlled server. Id. at 89. He wrote the source code and called it “Cornhusker.” Id. at 87. He stated there was no other functionality installed. Id. He further testified he did not plant porn on anyone’s computer. Id. (emphasis in the Anonymous tweet but not in the original decision)
…

Without more context, I was puzzled why that portion of the opinion was significant to Anonymous?

According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road.

I say “mystery solved,” but not really because I still fail to see the complaint about Matthew Edman working on anti-Tor malware?

No one claims Edman did poor work on Tor in hopes of a future exploit.

He was a former Tor employee working for Mitre, who had a client requesting anti-Tor malware.

Who should Mitre have tasked with that job?

Someone who had never used Tor or perhaps someone with greater familiarity with it?

…Edman is nevertheless being pilloried in the media, as though he were some sort of “gamekeeper turned poacher”, and as though, having once worked on Tor, he ought to have turned his back on law enforcement for ever.

What do you think? Is Edman some sort of turncoat?

Or has he shown that you can be in favour of privacy while also supporting the uncloaking of users when investigating serious crimes?

A federal judge has unsealed her ruling that National Security Letter (NSL) provisions in federal law—as amended by the USA FREEDOM Act—don’t violate the Constitution. The ruling allows the FBI to continue to issue the letters with accompanying gag orders that silence anyone from disclosing they have received an NSL, often for years. The Electronic Frontier Foundation (EFF) represents two service providers in challenging the NSL statutes, who will appeal this decision to the United States Court of Appeals for the Ninth Circuit.

“Our heroic clients want to talk about the NSLs they received from the government, but they’ve been gagged—one of them since 2011,” said EFF Deputy Executive Director Kurt Opsahl. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse. Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions.”

This long-running battle started in 2011, after one of EFF’s clients challenged an NSL and the gag order it received. In 2013, U.S. District Court Judge Susan Illston issued a groundbreaking decision, ruling that the NSL power was unconstitutional. However, the government appealed, and the Ninth Circuit found that changes made by the USA FREEDOM Act passed by Congress last year required a new review by the District Court.

In the decision unsealed this week, the District Court found that the USA FREEDOM Act sufficiently addressed the facial constitutional problems with the NSL law. However, she also ruled that the FBI had failed to provide a sufficient justification for one of our client’s challenges to the NSLs. After reviewing the government’s justification, the court found no “reasonable likelihood that disclosure … would result in danger to the national security of the United States,” or other asserted dangers, and prohibited the government from enforcing that gag. However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal.
…

The district court’s decision has many low points; perhaps the lowest is its quoting of the Second Circuit in John Doe, Inc. v. Mukasey:

Although the nondisclosure requirement is in some sense a prior restraint,… it is not a typical example of such a restriction for it is not a restraint imposed on those who customarily wish to exercise rights of free expression, such as speakers in public fora, distributors of literature, or exhibitors of movies. And although the nondisclosure requirement is triggered by the content of a category of information, that category, consisting of the fact of the receipt of an NSL and some related details, is far more limited than the broad categories of information that have been at issue with respect to typical content-based restrictions.

In the court’s judgment since customary speakers weren’t at issue, there’s no protection from prior restraint.

What a bizarre concept.

Are you a speaker in a public fora, distributor of literature, exhibitor of movies?

Well, I don’t qualify as an exhibitor of movies.

Nor do I qualify as a distributor of literature, at least in the sense of a traditional publisher.

Hmmm, do you think I qualify as a speaker in a public fora?

Perhaps, perhaps, but considering the tortured lengths the court went to reach its decision, what do you think the odds are that Wolf Blitzer is a speaker in a public fora and I’m not?

Or you for that matter?

Support the EFF in this fight. It’s your right to be informed about FBI excesses, and to raise those with your elected representatives, that is at stake.

KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Now, Rayyan, a 21-year-old Michigan man, is accused by federal prosecutors of supporting the Islamic State.

Documents released Tuesday show, however, that Rayyan was motivated not by religious radicalism but by the desire to impress Bride, who said she wanted to be a martyr.

Jannah Bride, not a real name, was in fact an FBI informant hired to communicate with Rayyan, who first came to the FBI’s attention when he retweeted a video from the Islamic State of people being thrown from buildings. He wrote later on Twitter: “Thanks, brother, that made my day.”
…

If you are shy, socially awkward and a woman is throwing herself at you, that’s a warning sign.

Either you have Ben Franklins leaking from your pockets or it is an FBI sting operation.

Check your pockets.

I don’t know of any reliable test for FBI informants but if people:

1. Volunteer money for illegal purchases
2. Urge you to say or plan illegal acts
3. Provide you with plans for illegal objects or substances
4. Initiate/maintain contact with you for 1, 2, or 3

The question you have to ask yourself:

If they are so hot for action, why are they pestering you?

Unless you think a long stretch in a U.S. prison looks good on your resume, avoid people who want to facilitate you committing illegal acts.

They have an agenda and it isn’t to benefit you. Only themselves.


…
The Government argues that there are times when the interests of national security require the Government to mislead the Court. The Court strongly disagrees. The Government’s duty of honesty to the Court can never be excused, no matter what the circumstance. The Court is charged with the humbling task of defending the Constitution and ensuring that the Government does not falsely accuse people, needlessly invade their privacy or wrongfully deprive them of their liberty. The Court simply cannot perform this important task if the Government lies to it. Deception perverts justice. Truth always promotes it.
…

When you are dealing with a party that has a policy of misleading courts to further “national security,” why would you credit any unsubstantiated claim from that source?

More than a policy, a history of lying to both the public and the courts.

Is it sufficient that the FBI declare it’s not lying today? This time? Or did any media representative even ask that question?

Until an independent expert “hacks” an identical iPhone using the FBI’s “method,” the FBI “hack” of the San Bernardino iPhone ranks with photos of presidents with aliens:

And for equal time purposes:

A skeptical public press would not parrot the unsubstantiated claims of known liars, even when those liars are federal agencies.

But then, we don’t have a skeptical public press.

Yes?


…
To cut to the chase, our view is that, properly understood, the All Writs Act should be read to authorize the kind of order the government has sought in these cases only when the recipient is compelled to help the government utilize existing vulnerabilities in its software, and not when the order instead directs the recipient to devote its resources to creating material new software vulnerabilities which can then be exploited by the government. (emphasis in original)
…

Chesney and Vladeck’s analysis, like some treatments of this issue, ignores that United States v. New York Telephone Company, 434 U.S. 159 (98 S.Ct. 364, 54 L.Ed.2d 376) was decided 5 to 4, with four justices dissenting on the issue of the district court’s authority to order the telephone company to provide “assistance” to the government.

The part of the dissent by Justice Stevens that focuses on the All-Writs Act:

Even if I were to assume that the pen register order in this case was valid, I could not accept the Court’s conclusion that the District Court had the power under the All Writs Act, 28 U.S.C. 1651(a), to require the New York Telephone Company to assist in its installation. This conclusion is unsupported by the history, the language, or previous judicial interpretations of the Act.

The All Writs Act was originally enacted, in part, as § 14 of the Judiciary Act of 1789, 1 Stat. 81.[15] The Act was, and is, necessary because federal courts are courts of limited jurisdiction having only those powers expressly granted by Congress,[16] and the statute provides these courts with the procedural tools—the various historic common-law writs—necessary for them to exercise their limited jurisdiction.[17] The statute does not contain, and has never before been interpreted as containing, the open-ended grant of authority to federal courts that today’s decision purports to uncover. Instead, in the language of the statute itself, there are two fundamental limitations on its scope. The purpose of any order authorized by the Act must be to aid the court in the exercise of its jurisdiction;[18] and the means selected must be analogous to a common-law writ. The Court’s opinion ignores both limitations.

The Court starts from the premise that a district court may issue a writ under the Act “to effectuate and prevent the frustration of orders it has previously issued in its exercise of jurisdiction otherwise obtained.” Ante, at 172. As stated, this premise is neither objectionable nor remarkable and conforms to the principle that the Act was intended to aid the court in the exercise of its jurisdiction. Clearly, if parties were free to ignore a court judgment or order, the court’s ability to perform its duties would be undermined. And the court’s power to issue an order requiring a party to carry out the terms of the original judgment is well settled. See Root v. Woolworth, 150 U.S. 401, 410-413, 14 S.Ct. 136, 138, 37 L.Ed. 1123. The courts have also recognized, however, that this power is subject to certain restraints. For instance, the relief granted by the writ may not be “of a different kind” or “on a different principle” from that accorded by the underlying order or judgment. See id., at 411-412, 14 S.Ct., at 138-139.[19]

More significantly, the courts have consistently recognized and applied the limitation that whatever action the court takes must be in aid of its duties and its jurisdiction.[20] The fact that a party may be better able to effectuate its rights or duties if a writ is issued never has been, and under the language of the statute cannot be, a sufficient basis for issuance of the writ. See Sampson v. Murray, 415 U.S. 61, 94 S.Ct. 1028, 39 L.Ed.2d 123; Commercial Security Bank v. Walker Bank & Trust Co., 456 F.2d 1352 (C.A.10, 1972); J. Moore, B. Ward, & J. Lucas, 9 Moore’s Federal Practice ¶ 110.29 (1975).

Nowhere in the Court’s decision or in the decisions of the lower courts is there the slightest indication of why a writ is necessary or appropriate in this case to aid the District Court’s jurisdiction. According to the Court, the writ is necessary because the Company’s refusal “threatened obstruction of an investigation . . ..” Ante, at 174. Concededly, citizen cooperation is always a desired element in any government investigation, and lack of cooperation may thwart such an investigation, even though it is legitimate and judicially sanctioned.[21] But unless the Court is of the opinion that the District Court’s interest in its jurisdiction was coextensive with the Government’s interest in a successful investigation there is simply no basis for concluding that the inability of the Government to achieve the purposes for which it obtained the pen register order in any way detracted from or threatened the District Court’s jurisdiction. Plainly, the District Court’s jurisdiction does not ride on the Government’s shoulders until successful completion of an electronic surveillance.

If the All Writs Act confers authority to order persons to aid the Government in the performance of its duties, and is no longer to be confined to orders which must be entered to enable the court to carry out its functions, it provides a sweeping grant of authority entirely without precedent in our Nation’s history. Of course, there is precedent for such authority in the common law—the writ of assistance. The use of that writ by the judges appointed by King George III was one British practice that the Revolution was specifically intended to terminate. See n. 3, supra. I can understand why the Court today does not seek to support its holding by reference to that writ, but I cannot understand its disregard of the statutory requirement that the writ be “agreeable to the usages and principles of law.”

The order directed against the Company in this case is not particularly offensive. Indeed, the Company probably welcomes its defeat since it will make a normal profit out of compliance with orders of this kind in the future. Nevertheless, the order is deeply troubling as a portent of the powers that future courts may find lurking in the arcane language of Rule 41 and the All Writs Act.

The statute was also derived from § 13 of the Judiciary Act, which concerned writs of mandamus and prohibition, 1 Stat. 80, and a statute dealing with writs of ne exeat, 1 Stat. 334. The All Writs Act now reads:

“(a) The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”

This proposition was so well settled by 1807 that Mr. Chief Justice Marshall needed no citation to support the following statement:

“As preliminary to any investigation of the merits of this motion, this court deems it proper to declare that it disclaims all jurisdiction not given by the constitution, or by the laws of the United States.

“Courts which originate in the common law possess a jurisdiction which must be regulated by their common law, until some statute shall change their established principles; but courts which are created by written law, and whose jurisdiction is defined by written law, cannot transcend that jurisdiction. It is unnecessary to state the reasoning on which this opinion is founded, because it has been repeatedly given by this court; and with the decisions heretofore rendered on this point, no member of the bench has, even for an instant, been dissatisfied.” Ex parte Bollman, 4 Cranch 75, 93, 2 L.Ed. 554.

This Court has frequently considered this requirement in the context of orders necessary or appropriate in the exercise of appellate jurisdiction. See J. Moore, B. Ward, & J. Lucas, 9 Moore’s Federal Practice ¶¶ 110.27-110.28 (1975). Here, we are faced with an order that must be necessary or appropriate in the exercise of a district court’s original jurisdiction.

These restraints are necessary concomitants of the undisputed fact that the All Writs Act does not provide federal courts with an independent grant of jurisdiction. McIntire v. Wood, 7 Cranch 504, 3 L.Ed. 420; Rosenbaum v. Bauer, 120 U.S. 450, 7 S.Ct. 633, 30 L.Ed. 743. The factors mentioned above may be relevant in determining whether the court has ancillary jurisdiction over the dispute. See Dugas v. American Surety Co., 300 U.S. 414, 57 S.Ct. 515, 81 L.Ed. 720; Labette County Comm’rs v. Moulton, 112 U.S. 217, 5 S.Ct. 108, 28 L.Ed. 698; Morrow v. District of Columbia, 135 U.S.App.D.C. 160, 417 F.2d 728 (1969). In this case, the District Court’s order was entered against a third party—the Telephone Company. The Court never explains on what basis the District Court had jurisdiction to enter this order. Possibly, the District Court believed that it had ancillary jurisdiction over the controversy, or that the failure of the Company to aid the Government posed a federal question under 28 U.S.C. 1331. See Board of Education v. York, 429 F.2d 66 (C.A.10 1970), cert. denied, 401 U.S. 954, 91 S.Ct. 968, 28 L.Ed.2d 237. Since I believe that the District Court could not enter its order in any event since it was not in aid of its jurisdiction, I do not find it necessary to reach the question where there was jurisdiction, apart from the All Writs Act, over the “dispute” between the Government and the Telephone Company. However, the Court’s failure to indicate the basis of jurisdiction is inexplicable.

The Court’s failure to explain why the District Court’s order was in aid of its jurisdiction is particularly notable when compared to the rationale of the prior Court cases on which it relies. See, e. g., Harris v. Nelson, 394 U.S. 286, 299, 89 S.Ct. 1082, 1090, 22 L.Ed.2d 281 (“the habeas corpus jurisdiction and the duty to exercise it being present, the courts may fashion appropriate modes of procedure . . . . Where their duties require it, this is the inescapable obligation of the courts”) (emphasis added); FTC v. Dean Foods Co., 384 U.S. 597, 604, 86 S.Ct. 1738, 1742, 16 L.Ed.2d 802 (injunction issued under All Writs Act upheld because it was necessary “to preserve the status quo while administrative proceedings are in progress and prevent impairment of the effective exercise of appellate jurisdiction”) (emphasis added).

The Court apparently concludes that there is no functional distinction between orders designed to enable a party to effectuate its rights and orders necessary to aid a court in the exercise of its jurisdiction. Ante, at 175 n. 23. The Court reaches this conclusion by pointing out that the orders in cases such as Harris v. Nelson, supra, protected a party’s rights. This is, of course, true. Orders in aid of a court’s jurisdiction will usually be beneficial to one of the parties before the court. The converse, however, is clearly not true. Not all orders that may enable a party to effectuate its rights aid the court in its exercise of jurisdiction. Compare Sampson v. Murray, 415 U.S. 61, 94 S.Ct. 937, 39 L.Ed.2d 166, with FTC v. Dean Foods Co., supra.

A citizen is not, however, free to forcibly prevent the execution of a search warrant. Title 18 U.S.C. 2231 imposes criminal penalties on any person who “forcibly assaults, resists, opposes, prevents, impedes, intimidates, or interferes with any person authorized to serve or execute search warrants . . . .” This section was originally enacted as part of the Espionage Act of 1917, see n. 6, supra, and is the only statutory provision imposing any duty on the general citizenry to “assist” in the execution of a warrant.

….

As Justice Stevens points out:

…
If the All Writs Act confers authority to order persons to aid the Government in the performance of its duties, and is no longer to be confined to orders which must be entered to enable the court to carry out its functions, it provides a sweeping grant of authority entirely without precedent in our Nation’s history. Of course, there is precedent for such authority in the common law—the writ of assistance. The use of that writ by the judges appointed by King George III was one British practice that the Revolution was specifically intended to terminate. See n. 3, supra. I can understand why the Court today does not seek to support its holding by reference to that writ, but I cannot understand its disregard of the statutory requirement that the writ be “agreeable to the usages and principles of law.”
…

the construction urged by Chesney & Vladeck and the slim majority in United States v. New York Telephone Company, 434 U.S. 159 (98 S.Ct. 364, 54 L.Ed.2d 376), is a parallel to one of the reasons for the American Revolution.

The writ to compel Apple to assist the FBI is the

…portent of the powers that future courts may find lurking in the arcane language of Rule 41 and the All Writs Act.

that Justice Stevens foresaw in his dissent.

Rather than scrambling for some tortured “middle ground” with the FBI, legal scholars should be lining up to urge correction of the mistake made in United States v. New York Telephone Company, 434 U.S. 159 (98 S.Ct. 364, 54 L.Ed.2d 376).

The time has come to end the threat of slavery for both corporations and individuals under the All-Writs Act.

The portions of the opinions quoted above are from the Legal Information Institute (LII) at Cornell University Law School. Supporting the LII fosters public access to legal resources.

High level architects are the focus of the article but software projects aren’t composed solely of high level architects.

The architects will readily find new positions but what of lower level resistance fighters? The software/hardware community needs to prepare now to aid and shelter lower level resistance fighters from Apple.

They will be defending our rights and should know ahead of time that they don’t stand alone. Against the U.S. or any other coercive government.

Ask your management to earmark and advertise Apple La Résistance positions so that potential resistance fighters know they aren’t in this fight alone.

Support Apple now and resistance fighters online, offline, in any manner available to you.

Conscription, let’s be honest, enslavement at government demand, is wrong. (full stop)

A group of former Skype technologists, backed by the co-founder of the messaging platform, has introduced a new version of its own messaging service that promises end-to-end encryption for all conversations, including by video.

Wire, a 50-person start-up mostly made up of engineers, is stepping into a global political debate over encryption that pits privacy against security advocates, epitomized by the standoff between the U.S. government and Apple.

The company said on Thursday it was adding video calling to a package of private communications services that go beyond existing messaging providers.
…

Our personal and professional data is at the center of a new economy. The information we share on social networks, via email, and messaging services is being used to build profiles. These profiles are in turn used to sell us products and services through targeted advertising and suggestion. The data collected is vast, detailed, and often very personal. Vast resources are being spent to refine the profiles, all without transparency, policy or oversight.

Our personal and professional online communications should not be part of this economy. In the physical world we talk with each other directly. We can lower our voices or close a door to share private thoughts. In the online world we should be able to communicate directly without passing our private communications through these corporate data mines.

Wire is different.
…

You will also find this FBI heartburn product comparison matrix, suitable for framing, to let everyone know you are serious about security.

There’s a web version of the service so I don’t have to buy a phone just to use it and/or annoy the FBI.

I’m signed up.

What about you?

FAQ: Why the emphasis on annoying the FBI?

Good question!

During my lifetime the FBI has illegally spied on civil rights leaders and organizations, the same for anti-war movements and virtually every other departure from the “norm.”

The more ordinary folks annoy the FBI, the less time and resources it has to conduct illegal operations against other citizens.

It won’t stop the FBI any more than being covered with 10,000 fleas would prevent you from driving. It would make driving, however, a very unpleasant experience.

Gregg points out that in the latest brief by the DOJ in the San Bernardino case, at footnote 9, page 22, the government says:

9 For the reasons discussed above, the FBI cannot itself modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers. See In re Under Seal, 749 F.3d 276, 281-83 (4th Cir. 2014) (affirming contempt sanctions imposed for failure to comply with order requiring the company to assist law enforcement with effecting a pen register on encrypted e-mail content which included producing private SSL encryption key).

The DOJ hints that it will enlist the courts to assist it in the theft of Apple’s property and, as Gregg further points out, may still want to force Apple to assist it:

Even if the Court ordered Apple to provide the government with Apple’s cryptographic keys and source code, Apple itself has implied that the government could not disable the requisite features because it “would have insufficient knowledge of Apple’s software and design protocols to be effective.” (Neuenschwander Decl. ¶ 23.) (at page 28 of the latest government brief)

Powerful briefs have been filed in support of Apple, but it’s time to take the factual gloves off.

The expansive claims of the government are based solely on the entirely fictional notion that it is in hot pursuit of a terrorist threat.

If there were any terrorist threat to speak of, one would expect the TSA to have found a terrorist, at least one, this many years after 9/11. Some fifteen years this next September 11th. But it hasn’t.

Yes, fourteen people died during the San Bernardino attack, which the government has yet to show was anything more than a workplace-related dispute that erupted at a holiday party.

No government, not even the United States government, is entitled to declare facts not in evidence and expect others, especially fact finders such as courts, to meekly accept them as true.

The DOJ keeps posturing about the government’s interest. Apple and others should put that interest to a factual test.

That government agents are engaging in budget-justifying behavior is a far less compelling reason to violate Apple’s constitutional rights than an actual terrorist threat.

But the so-called terrorist threat doesn’t exist. One suspects that is why the DOJ has omitted any factual basis for its claims. It could easily whistle up all the FBI arrests for terrorism, but that would expose the recruitment of the mentally ill people who are then supplied by the FBI to make those arrests.

I’m guessing that would diminish the government’s case in the eyes of the fact finder.

In some cases the government has a compelling interest, but fictional compelling interests don’t count.

The DOJ should be challenged at every step of the process, building a factual record that consists of everyone who had any part in the San Bernardino investigation, conversations with Apple, staff of the various DOJ offices, along with office notes, records, and phone logs.

If the interest of the government is so compelling, then it should not be reluctant to make a factual demonstration for the record.